In re Appln. of Palekar et al. 
Application No. 09/360,912 

CLAIM AMENDMENTS 

1 - 32. (Cancelled). 

33. (New). A method for enforcing a selected policy from a set of polices maintained 
by a policy server to be applied to a user interconnected to a network through a communication 
path, wherein the network includes a gateway and one or more resources, comprising: 

receiving, by the gateway, a request from the user to access the one or more resources on 
the network; 

selecting a user object from a plurality of stored objects, wherein the user object 
corresponds to the user and includes a set of attributes comprising a group to which the user 
belongs; 

identifying a profile that applies to the user based on the set of attributes, wherein the 
profile includes an authorization parameter and a communication parameter; 

determining, by the gateway, whether to grant or deny access to the one or more 
resources on the network based upon the authorization parameter; and 

configuring the communication path based upon the communication parameter. 

34. (New). The method of claim 33, wherein the network is a virtual network. 

35. (New). The method of claim 33, wherein the set of attributes further includes a 
user name and password, further comprising: 

determining whether to grant or deny access to the network based on the user name and 
password. 

36. (New). The method of claim 33, wherein the step of configuring the 
communication path further comprises setting quality of service (QOS) parameters. 

37. (New). The method of claim 33, further comprising: 

determining a characteristic of the communication path between the user and the 
gateway; and 

determining, at the gateway, whether to grant or deny access to the one or more resources 
on the network based on the determined characteristic. 
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38. (New). The method of claim 37, wherein the characteristic of the communication 
link is a call-back number. 

39. (New). The method of claim 37, wherein the characteristic is a medium type. 

40. (New). The method of claim 33, wherein the gateway is interposed between the 
user and each of the resources on the network. 

41 . (New). The method of claim 33, further comprising: 
replacing the authorization parameter with an override attribute. 

42. (New). The method of claim 33, further comprising: 
replacing the communication parameter with an override attribute. 

43. (New). The method of claim 33, wherein the communication parameter includes 
an authentication type and the step of configuring the communication path comprises setting the 
authentication type to be applied to the user. 

44. (New). The method of claim 33, wherein the step of configuring the 
communication path comprises setting a bandwidth. 

45. (New). The method of claim 33, wherein the step of configuring the 
communication path comprises establishing a network address assigned to the user. 

46. (New). The method of claim 33, wherein the step of configuring the 
communication path comprises establishing an encryption level to be applied to communications 
between the user and the network. 

47. (New). The method of claim 33, wherein the authorization parameter represents a 
time of day during which the user is permitted to access the network. 
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48. (New). The method of claim 33, wherein the authorization parameter represents a 
phone number from which the user is permitted to call and access the network. 

49. (New). A computer-readable medium having computer-readable instructions for 
a method for enforcing a selected policy from a set of polices maintained by a policy server to be 
applied to a user interconnected to a network through a communication path, wherein the 
network includes a gateway and one or more resources, comprising: 

receiving, by the gateway, a request from the user to access the one or more resources on 
the network; 

selecting a user object from a plurality of stored objects, wherein the user object 
corresponds to the user and includes a set of attributes comprising a group to which the user 
belongs; 

identifying a profile that applies to the user based on the set of attributes, wherein the 
profile includes an authorization parameter and a communication parameter; 

determining, by the gateway, whether to grant or deny access to the one or more 
resources on the network based upon the authorization parameter; and 

configuring the communication path based upon the communication parameter. 

50. (New). The computer-readable medium of claim 49, wherein the network is a 
virtual network. 

51 . (New). The computer-readable medium of claim 49, wherein the user attributes 
further include a user name and password, further comprising: 

determining whether to grant or deny access to the network based upon the user name 
and password. 

52. (New). The computer-readable medium of claim 49, wherein the step of 
configuring the communication path further comprises setting quality of service (QOS) 
parameters. 

53. (New). The computer-readable medium of claim 49, further comprising: 
determining a characteristic of the communication path between the user and the 

gateway; and 
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determining, at the gateway, whether to grant or deny access to the one or more resources 
on the network based upon the determined characteristic. 

54. (New). The computer-readable medium of claim 49, further comprising: 
replacing the authorization parameter with an override attribute. 

55. (New). The computer-readable medium of claim 49, further comprising: 
replacing the communication parameter with an override attribute. 

56. (New). The computer-readable medium of claim 49, wherein the communication 
parameter includes an authentication type and the step of configuring the communication path 
comprises setting the authentication type to be applied to the user. 

57. (New). The computer-readable medium of claim 49, wherein the step of 
configuring the communication path comprises setting a bandwidth. 

58. (New). The computer-readable medium of claim 49, wherein the step of 
configuring the communication path comprises establishing a network address assigned to the 
user. 

59. (New). The computer-readable medium of claim 49, wherein the step of 
configuring the communication path comprises establishing an encryption level to be applied to 
communications between the user and the network. 
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